Before we get started
After spending over 20 years working with Macs, both old and new, theres a tool I think would be useful to every Mac owner who is experiencing performance issues.
CleanMyMac is highest rated all-round cleaning app for the Mac, it can quickly diagnose and solve a whole plethora of common (but sometimes tedious to fix) issues at the click of a button. It also just happens to resolve many of the issues covered in the speed up section of this site, so Download CleanMyMac to get your Mac back up to speed today.
It can sometimes be necessary to change file and folder permissions on your Mac, usually because you want to restrict access to certain users and groups.
Even though it’s possible to set the file permissions using Finder, Terminal gives you slightly more control, and of course can also be used in Automator scripts for a little more flexibility. This article shows you how to change file permissions on files just using Terminal.
If you are new to using the OSX Terminal, I highly recommend the Macintosh Terminal Pocket Guide by Daniel J. Barrett as a great starting point.
File permissions permit users different types of permissions to read and write files. For example, it’s possible to set read only access to files and folders so that they can’t be changed or deleted by mistake. You might even want to delete all permissions for a particular user so that the file cannot even be opened (though it will still be visible in Finder. To make files invisible, follow this tutorial).
Permissions are usually assigned per User, Group, or Others and may have attributes such as read, write, and execute. Through Terminal, you have a lot of control over permissions, but at a basic level you can set them in Finder as follows:
1. Select a file, folder or application in Finder
2. Select Get Info (CMD + I) and inspect the Sharing & Permissions section at the bottom of the Info panel
3. Add or delete user names (under the Name column) and choose the permissions you want (under the Privilege column)
Now that you know how to edit permissions in Finder, read on to find out how it can be done in Terminal.
How To View File Permissions
In this example we’ll use a temporary folder called My Folder on which to demonstrate the various file permissions options.
1. Open Terminal (type Terminal into Spotlight or open from the Applications -> Utilities folder). A terminal window should open, but if not you can use CMD + N to open a new one or just choose New Window from the Shell menu. You’ll notice that the command prompt (which is where you enter commands) is labelled with the name of your Mac, the current folder and your user name. For example:
- Rolys-MacBook-Pro: ~roly$
2. Navigate to the folder where the file, folder or application you want to change resides. At the command prompt, use the cd command (which means change directory) by typing in the text indicated below in bold followed by the Enter/Return key.
- Rolys-MacBook-Pro: ~roly$ cd “work/chris writes”
Note that you will need to use quotes around filenames only if the item you want to edit contains a space, as it does in this case.
3. Inspect the current file permissions by typing in the ls command with the -l option to show in the long format, for example:
- Rolys-MacBook-Pro: ~roly$ ls -l
You should see the list of files in the current directory along with all the relevant file permissions for each item in the directory, as shown below. In this case I’ve actually used the -al option to also display the “.” (current) and “..” (upper level) folders, but it’s not necessary.
In the leftmost column, the file permissions for each item are listed. You’ll notice that the item My Folder (the last item in the list) has the permissions drwxr-xr-x. The first item “d” in these permissions indicates it’s a directory rather than a file (but the same principles apply). The subsequent 9 items are split into three flags (read, write and execute) for Users, Groups, and Others and can take the values “r” (read), “w” (write), “x” (execute) or “–” (unset).
It’s important to realise that Groups usually means the group to which the owner of the file belongs to, such as administrators or staff, while Others just means everyone else such as other people that have regular user accounts on your Mac.
- drwx—— means it’s a directory and read, write and execute is enabled for the current user, but nothing for anyone else
- drw-r–r– means that it’s a directory and read and write is enabled for the current user, read access for the Group, and read only access for other users (i.e. they can’t write to the file)
- -rwxrwxrwx means that read, write and execute permissions are enabled for Users, Groups and Others
How To Change File Permissions
The next step is to actually change the file permissions to whatever you want. The chmod command is the easiest way to do this. It has hundreds of different options (type man chmod in Terminal to view it’s help files), but we’ll concentrate on the simplest ones in this tutorial.
The chmod command runs in two modes – absolute and symbolic mode. The absolute mode uses an octal number with various values that can be combined to set many of the different read, write and execute permissions at once. This mode is only recommended for advanced users, but if you’re using chmod regularly you’ll get to know the different codes and might find it more convenient.
For the moment we’ll focus on the symbolic mode which is rather more human-readable. To change the file permissions on a file, you need to specify the category (User, Group, Others, or all three), the type of operation (e.g. add permissions, delete permissions, clear permissions, or use the defaults), and the permissions themselves (read, write, or execute).
The folder I created earlier called My Folder has the permissions drwxr-xr-x which means:
- User: rwx (read, write and execute)
- Group: r-x (read and execute)
- Others: r-x (read and execute)
Here are a few examples of adding and removing permissions from my folder.
Example 1: Set Read, Write and Execute For User, Groups and Others
In this case, at the command prompt type chmod ugo+ rwx “My Folder” then hit Enter, followed by ls -l to view the new permissions:
Instead of using chmod ugo+rwx you could also just use the “all” option which sets permissions for users, groups and others as follows:
- chmod a+rwx <filename>
Example 2: Remove Write and Execute Permissions For Groups and Others
At the command prompt type chmod go-wx “My Folder” followed by Enter then the ls -l command to view the files and permissions for every item in the current folder:
Example 3: Remove all Permissions For Groups
There’s another option for chmod which is to reset (i.e. set to unset) file permissions for Users, Groups or Others using the “=” option.
To reset all the permissions for Groups, just type chmod g= “filename”. In my example, this is how it looks:
Example 5: Change Permissions on Multiple Files
Changing permissions is simple enough using the examples already described, but usually you’ll want to change permissions on more than one item. Thankfully, chmod can act on multiple files. Suppose you wish to change all text files that have a txt extension. Simply combine the chmod command with the appropriate file list filter, such as:
- chmod go+wx *txt
This enables write and execute permissions for Groups and Others to all text files in the current directory.
More Advanced Scenarios
Changing the file permissions is relatively straightforward, and there are lots of combination commands that can be used together for more advanced use cases. It’s definitely worth reading the user manual (type man chmod) to view the complete list of its capabilities. Once you start playing around with file permissions, you could even build chmod commands into Automator scripts, for example to run a shell command that contains chmod directives.
There are also several related commands, notably chown which changes the ownership of files and folders – for example you might want to change the ownership of a file to the administrator user.